On May 6th, 2016 WordPress put out an important security update for WordPress, version 4.5.2. Red technologies strongly suggest you update WordPress as soon as you can to the latest security release.

WordPress versions 4.2 through 4.5.1 are vulnerable to a security vulnerability called Same Origin Method Execution (SOME). This type of vulnerability is a form of web application attack that abuses callback endpoints that will force a user to execute some kind of scripting method on the endpoints domain. In previous versions of WordPress this vulnerability lived through Plupload, a third party library WordPress uses to upload files.

The vulnerability was found by a security penetration testing team from Cure53. This is a good example of why we should try to keep our Plugins and themes up to date. If you are worried about possible vulnerabilities in your WordPress site, feel free to contact us to today and we can talk to you about our Website Security and Maintenance Services.